
Re: Package warning - Rawhide



On Sun, 2008-10-12 at 16:52 +0100, Richard Hughes wrote:
> Maybe a setting in PackageKit.conf might be the best plan:
> 
> UnsignedPackages=abort|warn|allow
> 
> What do you guys think? Upstream we set this to abort, and patch the
> package in rawhide to "allow" -- having F10 set to warn or abort.

What about something like the attached? I can put a patch in the rawhide
spec file to change this to "allow" to avoid the warnings, and then when
F10 branches, remove the patch.

This covers my backside a little, in my opinion. Comments?

Richard.

diff --git a/backends/yum/yumBackend.py b/backends/yum/yumBackend.py
index 90de0ce..1ff3e58 100755
--- a/backends/yum/yumBackend.py
+++ b/backends/yum/yumBackend.py
@@ -65,6 +65,11 @@ MetaDataMap = {
     'updateinfo'    : STATUS_DOWNLOAD_UPDATEINFO
 }
 
+# constants used for GPG policy
+UNSIGNED_POLICY_ALLOW = "allow"
+UNSIGNED_POLICY_WARN = "warn"
+UNSIGNED_POLICY_ABORT = "abort"
+
 class GPGKeyNotImported(exceptions.Exception):
     pass
 
@@ -186,6 +191,9 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage):
     def __init__(self, args, lock=True):
         signal.signal(signal.SIGQUIT, sigquit)
         PackageKitBaseBackend.__init__(self, args)
+
+        self.unsigned_policy = UNSIGNED_POLICY_ABORT
+        self.already_warned = False
         self.yumbase = PackageKitYumBase(self)
         self._lang = os.environ['LANG']
         self.comps = yumComps(self.yumbase)
@@ -194,6 +202,12 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage):
             if not self.comps.connect():
                 self.error(ERROR_GROUP_LIST_INVALID, 'comps categories could not be loaded')
 
+        # get unsigned repo policy from config file
+        config = ConfigParser.ConfigParser()
+        config.read('/home/hughsie/Code/PackageKit/etc/PackageKit.conf.in')
+        if config.has_option('Daemon', 'UnsignedPackages'):
+            self.unsigned_policy = config.get('Daemon', 'UnsignedPackages')
+
         # this is global so we can catch sigquit and closedown
         yumbase = self.yumbase
         self._setup_yum()
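Review bot: The `config.read(...)` call points at a developer checkout under `/home/hughsie/...`, so on an installed system the file will not exist. `ConfigParser.read` silently skips files it cannot open, so `UnsignedPackages` would never be honoured and the policy would stay at the `abort` default. If that path did exist, a security-sensitive policy would be read from a user's home directory. The path should be the installed configuration location, e.g. `config.read(PACKAGEKIT_CONF_PATH)  # placeholder: installed PackageKit.conf path`. `__init__` starts and ends outside this hunk, and whether `ConfigParser` is imported is not visible here.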
@@ -1024,6 +1038,7 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage):
         self.allow_cancel(True)
         self.percentage(0)
         self.status(STATUS_RUNNING)
+        self.already_warned = False
 
         old_throttle = self.yumbase.conf.throttle
         self.yumbase.conf.throttle = "60%" # Set bandwidth throttle to 60%
@@ -1033,6 +1048,8 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage):
 
         try:
             txmbr = self.yumbase.update() # Add all updates to Transaction
+            for t in txmbr:
+                self._check_package_unsigned(t.po)
         except yum.Errors.RepoError, e:
             self.error(ERROR_REPO_NOT_AVAILABLE, str(e))
         if txmbr:
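Review bot: The policy check in the added `for t in txmbr:` loop covers only the members returned by `self.yumbase.update()`; packages pulled in later as dependencies are presumably added at dependency resolution, which is outside this hunk, and would not be checked. The same applies to the `_check_package_unsigned` calls added in `install_packages` (group and single-package branches) and in the later `update(po=pkg)` hunk. If the intent is that nothing from a repo with gpgcheck disabled is installed under `abort`, the check should also run over the final transaction members after resolution. A comment such as `# NOTE: only directly selected packages are checked here, not resolved dependencies` would at least record the gap. The enclosing method starts and ends outside this hunk.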
@@ -1122,6 +1139,19 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage):
                             if show:
                                 self._show_package(pkg, INFO_AVAILABLE)
 
+    def _check_package_unsigned(self, pkg):
+        '''
+        Returns if the package is signed, and does the correct policy action
+        '''
+        repo = self.yumbase.repos.getRepo(pkg.repoid)
+        if not repo.gpgcheck:
+            if self.unsigned_policy == UNSIGNED_POLICY_WARN:
+                if not self.already_warned:
+                    self.message(MESSAGE_UNTRUSTED_PACKAGE, "The untrusted package %s will be installed from %s" % (pkg.name, repo))
+                    self.already_warned = True
+            elif self.unsigned_policy == UNSIGNED_POLICY_ABORT:
+                self.error(ERROR_MISSING_GPG_SIGNATURE, "The untrusted package %s will not be installed from %s (repo is not signed)" % (pkg.name, repo))
+
     def install_packages(self, package_ids):
         '''
         Implement the {backend}-install-packages functionality
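Review bot: `_check_package_unsigned` fails open on any policy string it does not recognise. The value read from the config file is compared only against `warn` and `abort`, so a typo or a different case such as `Abort` falls through and behaves like `allow`. For a setting described as security sensitive, the safer shape is to handle `allow` explicitly with `if self.unsigned_policy == UNSIGNED_POLICY_ALLOW: return` and to turn the final `elif self.unsigned_policy == UNSIGNED_POLICY_ABORT:` into `else:`. The docstring says the method returns whether the package is signed, but it returns nothing and tests only `repo.gpgcheck`, the repo's setting rather than a signature on the package. A docstring like `'''Apply the UnsignedPackages policy when the package's repo has gpgcheck disabled'''` would match the code.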
@@ -1132,8 +1162,8 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage):
         self.allow_cancel(False)
         self.percentage(0)
         self.status(STATUS_RUNNING)
+        self.already_warned = False
         txmbrs = []
-        already_warned = False
         for package in package_ids:
             grp = self._is_meta_package(package)
             if grp:
@@ -1141,19 +1171,12 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage):
                     self.error(ERROR_PACKAGE_ALREADY_INSTALLED, "This Group %s is already installed" % grp.groupid)
                 txmbr = self.yumbase.selectGroup(grp.groupid)
                 for t in txmbr:
-                    repo = self.yumbase.repos.getRepo(t.po.repoid)
-                    if not already_warned and not repo.gpgcheck:
-                        self.message(MESSAGE_UNTRUSTED_PACKAGE, "The untrusted package %s will be installed from %s." % (t.po.name, repo))
-                        already_warned = True
-
+                    self._check_package_unsigned(t.po)
                 txmbrs.extend(txmbr)
             else:
                 pkg, inst = self._findPackage(package)
                 if pkg and not inst:
-                    repo = self.yumbase.repos.getRepo(pkg.repoid)
-                    if not already_warned and not repo.gpgcheck:
-                        self.message(MESSAGE_UNTRUSTED_PACKAGE, "The untrusted package %s will be installed from %s." % (pkg.name, repo))
-                        already_warned = True
+                    self._check_package_unsigned(pkg)
                     txmbr = self.yumbase.install(po=pkg)
                     txmbrs.extend(txmbr)
                 if inst:
@@ -1345,11 +1368,13 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage):
         self.allow_cancel(False)
         self.percentage(0)
         self.status(STATUS_RUNNING)
+        self.already_warned = False
         txmbrs = []
         try:
             for package in package_ids:
                 pkg, inst = self._findPackage(package)
                 if pkg:
+                    self._check_package_unsigned(pkg)
                     txmbr = self.yumbase.update(po=pkg)
                     txmbrs.extend(txmbr)
         except yum.Errors.RepoError, e:
diff --git a/etc/PackageKit.conf.in b/etc/PackageKit.conf.in
index d206d43..908bdb5 100644
--- a/etc/PackageKit.conf.in
+++ b/etc/PackageKit.conf.in
@@ -69,3 +69,23 @@ RefreshCacheScanDesktopFiles=true
 # default=true
 RefreshCacheUpdatePackageList=true
 
+# If we allow unsigned packages from unsigned software sources to be installed
+# or updated.
+#
+# For software sources that are unsigned (typical for development distributions
+# or non-professional sources) this may have to be set to "warn" or "allow".
+#
+# If this is done and the source is compromised, then untrusted packages could
+# be installed on a client computer automatically if the user policy is set
+# to auto-update. Only change this if you trust all your sources completely.
+#
+# If your distribution patches this value, and somebody "hacks" your computer
+# by poisoning your mirror, then don't come crying to us.
+#
+# Allowable values are "abort", "warn" or "allow"
+#
+# THIS VALUE IS SECURITY SENSITIVE.
+#
+# default=abort
+UnsignedPackages=abort
+
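Review bot: The new comment block lists the allowable values but does not say what each one does, which matters for a key flagged as security sensitive. From the backend code in this patch, `warn` emits one message per transaction and then continues, `abort` reports an error, and `allow` proceeds silently. A line such as `# abort: report an error; warn: show one warning and continue; allow: continue silently` would make that explicit. It would also help to state that the check is based on the software source having GPG checking disabled, since the text speaks of "unsigned packages".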
